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ABSTRACT 

Accurate channel state information (CSI) at the transmitter 
is critical for maximizing spectral efficiency on the downlink 
of multi-antenna networks. In this work we analyze a novel 
form of physical layer attacks on such closed-loop wireless 
networks. Specifically, this paper considers the impact of de- 
liberately inaccurate feedback by malicious users in a mul- 
tiuser multicast system. Numerical results demonstrate the 
significant degradation in performance of closed-loop trans- 
mission schemes due to intentional feedback of false CSI by 
adversarial users. 

Index Terms — Physical layer security, feedback, multi- 
cast beamforming, multiuser downlink, Byzantine attack. 

1. INTRODUCTION 

Effective interference management and spatial multiplexing 
of data in multiuser wireless systems is greatly dependent 
upon the accuracy of channel state information (CSI) at the 
transmitter. The use of feedback from receivers in multiuser 
wireless networks has now become a well-established tech- 
nique to provide CSI at the transmitter [13]. A number of 
analyses of imperfect feedback scenarios motivated by prac- 
tical considerations are available, such as partial CSI feedback 
[2 1, limited-rate feedback [3|, noisy feedback [4|, and delayed 
feedback0. 

However, the problem considered in this paper is signifi- 
cantly different. Since the performance advantage of closed- 
loop transmission schemes over their open-loop counterparts 
is completely determined by the quality of the CSI, this opens 
the door to deliberate misreporting of CSI by malicious users 
as a novel form of a physical layer attack. Jamming and 
eavesdropping are the traditional categories of physical layer 
attacks in the literature, and have been widely studied for 
multi-antenna systems (6). To the author's best knowledge 



this is the first work to investigate physical layer attacks on 
MIMO systems based on malicious feedback of CSI. 

In particular, we examine malicious or poisoned feedback 
attacks on the downlink of a multi-antenna network that is 
multicasting a common message to multiple receivers. The 
message being transmitted has no intrinsic value for the at- 
tacker; the malicious user is only interested in compromising 
the Quality-of-Service (QoS) provided to the legitimate re- 
ceivers. In network security parlance, malicious behavior by 
authenticated users from within the network are referred to 
as 'Byzantine attacks', and have usually been studied at the 
network and transport layers J7J. 

The remainder of this paper is organized as follows. The 
multicast network model and the adversarial user's capabili- 
ties are described in Sec. [2] The various forms of malicious 
feedback based on the corresponding objectives of the trans- 
mitter are listed in Sec. [3] Numerical results that depict the 
impact of poisoned feedback are shown in Sec. [4] and conclu- 
sions drawn in Sec. [5] 



2. MATHEMATICAL MODEL 

The network under consideration is comprised of a N t - 
antenna transmitter multicasting to K legitimate receivers 
and a single malicious user, all equipped with a single an- 
tenna^ each, such that K + 1 = K is the total number of 
receiving nodes. 

In the general multicast scenario, a common scalar infor- 
mation symbol z of unit power is transmitted to all K re- 
ceivers. This necessitates the use of a common N t xl transmit 
beamformer u with with power constraint ||u||2 < P- Com- 
pared to the broadcast scenario of independent information 
per receiver, the multicast beamforming problem was shown 
to be NP-hard (8) . This led to the development of a number of 
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1 It is straightforward to extend the principle of poisoned feedback to the 
case where each receiver is also equipped with an antenna array, for which 
multicasting strategies have been proposed in 1111121 . 



approximate solutions based on techniques such as semidefi- 
nite programming, for instance 181- lfTTI . 
The JVf x 1 transmitted signal is 

x = uz. (1) 

The received signals in a flat fading scenario are 

y fc = h k uz + n k , k = 1, . . . , K, (2) 

where hk is the 1 x N t channel state vector for user k, and 
rife is additive white Gaussian noise with variance <j\. Due 
to the absence of inter-user interference, the signal-to-noise 
ratio (SNR) is the primary figure of merit: 

SNRfe = h^K. (3 ) 

We focus on the following potential transmitter objectives 
in a multicast scenario: 

1. Minimization of the transmit power subject to a mini- 
mum SNR threshold per receiver. 

2. Maximization of the average received SNR for all re- 
ceivers. 

3. Maximization of the minimum user SNR (max-min) 
under the total power constraint P. 

4. Maximization of the minimum information rate under 
the total power constraint P. 

Objectives 3 and 4 are equivalent for the case of a 
single multicast group as in this work. To achieve any 
of the above system objectives, the transmitter requires 
global channel state information of all K receivers H = 
[hi ... h^ h Q 1 , where the subscript a denotes the 
malicious adversary. On the other hand, the malicious user 
seeks to degrade the system performance objectives to the 
best of its ability by manipulating the CSI it feeds back. 

We assume that all K legitimate receivers truthfully trans- 
mit their CSI to the transmitter over a error-free public feed- 
back link. Moreover, this global CSI is also known to the 
malicious user via eavesdropping. The transmitter is assumed 
to be unaware of the presence of the malicious user and seeks 
to service all active receivers, i.e., user selection is not con- 
sidered. The formulation of the resultant poisoned feedback 
h a from the malicious user is described in the next section. 

3. POISONED FEEDBACK 
3.1. Transmit Power Minimization 

In this scenario, the transmitter seeks to minimize its trans- 
mit power required to satisfy a pre-determined minimum SNR 
target 7 for each receiver. On the other hand, the malicious 



user seeks to maximize the resource consumption at the trans- 
mitter. Towards this end, a crude attack would be to de- 
mand a very high QoS threshold relative to the legitimate re- 
ceivers. However, such anomalous attacks are easy to iden- 
tify, and at the very least would result in the malicious user 
being dropped from the set of scheduled receivers. Therefore, 
we consider a more subtle attacker, who seeks to feed back 
the worst possible channel state information so as to maxi- 
mize the power consumption at the transmitter. 

The malicious user has the following relaxed optimization 
problem: 

max min trace fuu H ) 
h e u v ' 

s.t. trace (uu^hfeh^) ^ 7, k = 1, . . . , K ^ 

trace (uu ff ) < P 

l|h |]!>/3, 

where an additional norm constraint has been placed on h a 
by the attacker to avoid anomalous feedback values. Define 
D = h e h^, U = uu H , and = hfch^. Introducing an 
auxiliary variable i, we have the following SDP relaxation for 
the attacker: 

min —t 

D 

s.t. trace (U) ^ t ^ 
trace (UG fe ) > 7 
trace (D) ^ /3 

Due to the relaxation of the rank- 1 constraint on the transmit 
covariance, a randomization step is often required after the 
optimization in (0. This implies that the attacker may not be 
able to compute the same beamformer as the transmitter. 



3.2. Maximization of Average Received SNR 

Under this transmitter objective, the attacker adopts the fol- 
lowing: 

uHH"u" 

mm max 5 

h n u 0% 

s.t. \\u\\l = P 

For the transmitter's maximization problem, a closed-form 
solution exists for the optimal beamformer u, namely the 
principle eigenvector of HH ff |9). 

Intuitively, what the attacker should do here is to choose 
h a to be very large and orthogonal to all of the other legiti- 
mate channel vectors. The transmit beamformer would then 
approach h a , and all of the other users would see their allo- 
cated power approach zero. 



3.3. Maximization of Minimum SNR 



An alternative attack would be to minimize the maximum 
SINR enjoyed by any of the legitimate receivers. 

min max min trace (uu^hfch?) for k — 1, . . . ,K, 

h,. u k 

s.t. trace (uu H ) < P ( 6 ) 
l|h„||i>/3. 

Broadly speaking, from the transmitter's perspective the 
optimal beamformer can be expressed as a linear combination 
of the user's channel state vectors: 

K 
k=l 

where the complex coefficients ctk can be obtained using a 
sequential quadratic program |9|. 

However, instead of posing the above problem as another 
SQP or SDP which are known to be computationally intensive 
ifTUI , we assume the attacker employs an iterative algorithm 
that alternatively optimizes h a for a fixed u, and vice versa. 
The inner optimization for the transmit beamformer can be 
carried out based on the iterative SNR-increasing update algo- 
rithm in IflOl Sec. VI]. The attacker initializes the algorithm 
with an arbitrary channel vector and obtains the correspond- 
ing u for this initial global CSI matrix H. After this step, the 
new candidate for h a is obtained using a line search of ap- 
propriate step size in order to find the worst-case feedback in 
terms of the minimum SNR. These iterations continue until a 
pre-determined stopping criterion. 

4. NUMERICAL RESULTS 

The following simulation results are compiled using 1000 
Monte Carlo trials per point. The channel vectors for all 
links are composed of independent Gaussian random vari- 
ables with zero mean and unit variance. The background 
noise power is assumed to be the same for all K receivers and 
the eavesdropper: a\ = 1. All SNR and rate results shown 
here correspond to the K legitimate receivers only, since the 
attacker has no value for the transmitted information as stated 
previously. 

Fig. Q] displays the contrast between the total transmit 
power required to meet a modest SNR target of 7 — 5dB 
per receiver when all receivers report their CSI accurately, 
and when a single malicious user is present. It is evident 
that the attacker is able to waste a significant portion of the 
transmitter's power. 

Fig.|2]exhibits the performance loss in terms of maximum 
average received SNR in dB of the legitimate users due to 
poisoned feedback, with K = 5 receivers. The attacker is 
able to starve the other receivers of allocated power on the 
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Fig. 1. Transmit power fraction versus number of receivers 
K, P=20dB, N t = 5 antennas. 
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Fig. 2. Maximum average SNR versus transmit power P, 
Nt — 5 antennas. 
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Fig. 3. Minimum information rate versus number of receivers 
K, P=20dB, N t = 4 antennas. 



downlink, and reduces overall QoS levels by up to 3dB even 
for large transmit powers. 

Fig. |3] shows the maximized minimum information rates 
for the closed-loop systems with completely accurate and poi- 
soned feedback, and the open-loop multicast downlink with 
isotropic transmission lfl3l . respectively. The maximized 
minimum information rate is defined as 



max min log 2 (1 

D l<k<K 



SNR fc ) . 



The interesting observation here is that the presence of just 
a single malicious user drives the system performance signif- 
icantly below that achievable without any feedback whatso- 
ever. 

5. CONCLUSION 

This paper presented a preliminary investigation of the vul- 
nerability of feedback-based downlink systems to malicious 
CSI reporting. It is observed that deliberate feedback of the 
worst possible CSI can lead to a closed-loop system perfor- 
mance that is considerably worse than that achieved by open- 
loop multicasting without CSI feedback. Therefore, smart 
detection and repudiation techniques to validate feedback of 
CSI at the physical layer are necessary as highlighted by the 
numerical results. Numerous avenues exist for future work, 
namely the closed-loop broadcast scenario with independent 
information for receivers. 
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